Since the earliest history, various institutions (e.g., governments and private companies alike) have recorded their actions and transactions. Subsequent generations have used these archival records to understand the history of the institution, the national heritage, and the human journey. These records may be essential to support the efficiency of the institution, to protect the rights of individuals and businesses, and/or to ensure that the private company or public corporation/company is accountable to its employees/shareholders and/or that the Government is accountable to its citizens.
With the advance of technology into a dynamic and unpredictable digital era, evidence of the acts and facts of institutions and the government and our national heritage are at risk of being irrecoverably lost. The challenge is pressing—as time moves forward and technologies become obsolete, the risks of loss increase. It will be appreciated that a need has developed in the art to develop securely accessible electronic records archives system and method especially, but not only, for the National Archives and Records Administration (NARA) in a system known as Electronic Records Archives (ERA), to resolve this growing problem, in a way that is substantially obsolescence-proof and policy neutral. While the exemplary embodiments described herein deal with respect to safeguarding the access to government records, the described embodiments are not limited to archives systems applications nor to governmental applications and can also be applied to other large scale storage applications, in addition to archives systems, and for businesses, charitable (e.g., non-profit) and other institutions, and entities.
Access control has previously been solved using Mandatory Access Controls (MAC), Discretionary Access Controls (DAC), Role Based Access Controls (RBAC), Content Based Access Controls (CBAC) or some combination of one or, at most, two of them. See for example, U.S. Pat. Nos. 6,088,679, 6,023,765 and 6,202,066.
Classical automated information system access controls were primarily implemented at the OS level with some control provided within applications. OS level controls consisted of Mandatory Access Controls (MAC) and Discretionary Access Controls (DAC). Access control was used primarily to restrict access to information system files. MAC provided for the assignment of clearances to individuals (subjects) and clearance restrictions to files (objects). The policy generally restricted access to objects with a clearance restriction of x to subjects who had clearances of x or higher. Individual (read, write, execute etc.) permissions were granted to groups into which subjects were assigned. DAC allowed for subjects to grant other subjects access to the objects they controlled. These access control methods did not allow the flexibility needed by modern automated information systems which resulted in the development of Role Based Access Control (RBAC). RBAC implements access control based on the business role a subject plays in an organization. While RBAC represents an improvement over DAC or MAC it still lacks the flexibility needed by modern AISs.